From 29b1188e1967731f230d3a86acc6f36b93149f45 Mon Sep 17 00:00:00 2001 From: Jan Stourac Date: Thu, 9 May 2024 18:29:27 +0200 Subject: [PATCH] Extend CI image check to also runtime images --- .github/workflows/params-env.yaml | 8 ++- ci/check-runtime-images.sh | 84 +++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 1 deletion(-) create mode 100755 ci/check-runtime-images.sh diff --git a/.github/workflows/params-env.yaml b/.github/workflows/params-env.yaml index c3c586bfc..dc110cb7e 100644 --- a/.github/workflows/params-env.yaml +++ b/.github/workflows/params-env.yaml @@ -1,9 +1,10 @@ --- -name: Validation of params.env content (image SHAs) +name: Validation of image references (image SHAs) in params.env and runtime images on: # yamllint disable-line rule:truthy pull_request: paths: - 'manifests/base/params.env' + - 'ci/check-params-env.sh' permissions: contents: read @@ -21,3 +22,8 @@ jobs: - name: Validate the 'manifests/base/params.env' file content run: | bash ./ci/check-params-env.sh + + - name: Validate references for runtime images + id: validate-runtime-images-references + run: | + bash ./ci/check-runtime-images.sh diff --git a/ci/check-runtime-images.sh b/ci/check-runtime-images.sh new file mode 100755 index 000000000..8908a9b6c --- /dev/null +++ b/ci/check-runtime-images.sh @@ -0,0 +1,84 @@ +#!/bin/bash +# +# This script serves to check and validate the definitions for runtime images. +# It does just a brief check of the metadata defined in the json file: +# 1. checks that given `.metadata.image_name` is valid and can be accessed by skopeo tool +# 2. checks that tag in `.metadata.tags[0]` can be found in the output from skopeo tool +# +# THIS FILE DOESN'T CHECK THAT THE USED LINK TO IMAGE IS THE LATEST ONE AVAILABLE! +# +# This script uses `skopeo` and `jq` tools installed locally for retrieving +# information about the particular remote images. +# +# Local execution: ./ci/check-runtime-image.sh +# Note: please execute from the root directory so that relative path matches +# +# In case of the PR on GitHub, this check is tied to GitHub actions automatically, +# see `.github/workflows` directory. + +# ---------------------------- DEFINED FUNCTIONS ----------------------------- # + +function check_image() { + local runtime_image_file="${1}" + + echo "---------------------------------------------" + echo "Checking file: '${runtime_image_file}'" + + local img_tag + local img_url + local img_metadata + + img_tag=$(jq -r '.metadata.tags[0]' "${runtime_image_file}") || { + echo "ERROR: Couldn't parse image tags metadata for '${runtime_image_file}' runtime image file!" + return 1 + } + img_url=$(jq -r '.metadata.image_name' "${runtime_image_file}") || { + echo "ERROR: Couldn't parse image URL metadata for '${runtime_image_file}' runtime image file!" + return 1 + } + + img_metadata="$(skopeo inspect --config "docker://${img_url}")" || { + echo "ERROR: Couldn't download '${img_url}' image metadata with skopeo tool!" + return 1 + } + + local expected_string="runtime-${img_tag}-ubi" + echo "Checking that '${expected_string}' is present in the image metadata" + echo "${img_metadata}" | grep --quiet "${expected_string}" || { + echo "ERROR: The string '${expected_string}' isn't present in the image metadata at all. Please check that the referenced image '${img_url}' is the correct one!" + return 1 + } + + # TODO: we shall extend this check to check also Label "io.openshift.build.commit.ref" value (e.g. '2024a') or something similar +} + +function main() { + ret_code=0 + + # If name of the directory isn't good enough, maybe we can improve this to search for the: `"schema_name": "runtime-image"` string. + runtime_image_files=$(find . -name "*.json" | grep "runtime-images" | sort --unique) + + IFS=$'\n' + for file in ${runtime_image_files}; do + check_image "${file}" || { + echo "ERROR: Check for '${file}' failed!" + ret_code=1 + } + done + + echo "---------------------------------------------" + echo "" + if test "${ret_code}" -eq 0; then + echo "Validation of runtime images definitions was successful! Congrats :)" + else + echo "ERROR: Some of the runtime image definitions aren't valid, please check above!" + fi + + return "${ret_code}" +} + +# ------------------------------ MAIN SCRIPT --------------------------------- # + +main + +exit "${?}"